SYSTEM AND METHOD FOR 
PERSONAL IDENTIFICATION 

BACKGROUND OF THE INVENTION 
The present invention relates to a personal identification system 
and a personal identification method, and in particular, to a personal 
identification system and a personal identification method for an 
information processing system including two or more local computers and 
a remote computer having common resources which can be accessed by 
each of the local computers. 
Description of the Prior Art 

When common resources of a remote computer (that is, data which 
are stored in the remote computer, hardware (printer, scanner, etc.) which 
is connected to the remote computer, etc.) of a communication network 
system (information processing system) are shared by users of the system 
who make access to the remote computer from local computers, personal 
identification of the users becomes necessary. As a general conventional 
personal identification method, each user inputs his/her secret password 
directly from a keyboard of a local computer, and the inputted password is 
sent to a personal identification function of the remote computer to be 
verified. 

Besides the above conventional personal identification method, 
various types of personal identification methods have been proposed. 
For example, in Japanese Patent Application Laid-Open No.HEI10-105516, 
the load for the personal identification is distributed, in which 
security management is executed at the entrance of the network. The 
user is required to input his/her user ID and password for the personal 
identification, and the inputted user ID and password are sent to a 
security management function of the network to be verified. 

In a conventional personal identification method disclosed in 
Japanese Patent Application Laid-Open No.HEI10-161979, a fingerprint 
of the user, in addition to the user ID and password, is used for the 
personal identification of the user. By use of the three types of 
information, the reliability of the personal identification is improved. 

In conventional personal identification methods disclosed in 
Japanese Patent Application Laid-Open No.HEI7-64911, Japanese 
Patent Application Laid-Open No.HEI7-50665 and Japanese Patent 
Application Laid-Open No.HEI11-39483, a user card, in which personal 
identification information (fingerprint etc.) has preliminarily been stored, 
is supplied to each user of the communication network system, and when 
the user makes access to the communication network system, actual 
personal identification information (fingerprint etc.) of the user who is 
operating a local computer is verified against the personal identification 
information (fingerprint etc.) which has been stored in the user card. 
The access to the communication network system is permitted if the 
actual personal identification information of the user matched the 
personal identification information stored in the user card, thereby the 
user and the service provider are protected from damages even in cases 
where the user card is stolen and an illegal use of the user card is 
attempted. 

However, the conventional personal identification methods which 
have been explained above involve the following problems or drawbacks. 

First, in the conventional personal identification methods 
employing passwords, users tend to forget the password which the user 
himself/herself has determined and set. The user is apt to set a 
complicated password that is hard to guess, in order to prevent illegal 
access of a third party to the remote computer. 

Second, even if the password is preliminarily described or stored in 
a computer file of a local computer in order to eliminate the above 
"password forgetting problem", the computer file storing the password is 
managed in each local computer independently, and thus the user is 
unable to be identified when the user is operating a different local 
computer. 

Third, if the local computer which stores the computer file 
including the password of the user is shared by two or more persons, the 
stored password is easily stolen by the persons sharing the local 
computer, since each stored password is generally not protected in the 
local computer by means of a password etc. 

In the conventional personal identification methods of Japanese 
Patent Application Laid-Open Nos.HEI10-105516 and HEI10-161979, the 
user is still required to input the password, and thus the above first 
problem (password forgetting problem) occurs. The user is further 
required to input his/her physical characteristics such as a fingerprint, 
thereby the input operation for the personal identification is necessitated 
to be complicated. 

In the conventional personal identification methods of Japanese 
Patent Application Laid-Open Nos.HEI7-64911, HEI7-50665 and 
HEI11-39483 employing the user card in which the personal identification 
information (fingerprint etc.) of the user has preliminarily been stored, 
cost and effort are necessary for preparing and issuing the user cards. 
Further, when a user uses two or more local computers (terminals), the 
user is required to re-connect (re-insert) the user card for personal 
identification on every change of the local computers. When the user 
disconnects the user card from a local computer, the user is no longer 
permitted to use the local computer because of the security problem. In 
order to resolve the above problem, simultaneous use of two or more local 
computers by a user has to be prohibited, or two or more user cards have 
to be issued to each user at considerable cost and effort. 



SUMMARY OF THE INVENTION 

It is therefore the primary object of the present invention to 
provide a personal identification system and a personal identification 
method, by which common resources of a remote computer can be shared 
and used by authorized users of local computers, without requiring the 
user to memorize and input a complicated password. 

Another object of the present invention is to provide a personal 
identification system and a personal identification method for an 
information processing system including two or more local computers and 
a remote computer having common resources to be shared by authorized 
users of the local computers, by which a local computer can be used by two 
or more users safely without the danger of leaks and illegal use of 
passwords even if the local computer has to be shared by two or more 
users. 

Another object of the present invention is to provide a personal 
identification system and a personal identification method for an 
information processing system including two or more local computers and 
a remote computer having common resources to be shared by authorized 
users of the local computers, by which the simultaneous use of two or 
more local computers by a user can be realized easily and freely, without 
the need of issuing two or more user cards etc. to each user at 
considerable cost and effort. 

In accordance with a first aspect of the present invention, there 
is provided a personal identification system for an information processing 
system including two or more local computers and a remote computer 
having common resources which can be accessed by each of the local 
computers. The personal identification system comprises a personal 
verification system as common equipment for the local computers. The 
personal verification system includes a database means for storing 
passwords of each authorized user and physical characteristics data 
corresponding to each password. The local computer is provided with a 
physical characteristics scanning/sending means. The physical 
characteristics scanning/sending means scans physical characteristics of 
a user when the user made a request to the local computer for the use of 
the common resources of the remote computer, generates characteristics 
data based on the scanned physical characteristics of the user, and sends 
the characteristics data to the personal verification system. The 
personal verification system which received the characteristics data from 
the physical characteristics scanning/sending means of the local computer 
searches the database means for a password using the received 
characteristics data as a key and sends the searched password to the local 
computer. The local computer which received the password from the 
personal verification system sends the received password to the remote 
computer for user identification. 

In accordance with a second aspect of the present invention, in 
the first aspect, the remote computer includes a user personal 
identification means for executing personal identification of the user by 
use of the password which is sent from the local computer. 

In accordance with a third aspect of the present invention, in the 
first aspect, the local computers, the remote computer and the personal 
verification system are connected together by a communication network. 

In accordance with a fourth aspect of the present invention, in 
the first aspect, the communication network is an Ethernet LAN. 

In accordance with a fifth aspect of the present invention, in the 
first aspect, the communication network is a wireless LAN. 

In accordance with a sixth aspect of the present invention, in the 
first aspect, a fingerprint of the user is scanned by the physical 
characteristics scanning/sending means as the physical characteristics of 
the user. 

In accordance with a seventh aspect of the present invention, in 
the first aspect, an iris pattern of the user is scanned by the physical 
characteristics scanning/sending means as the physical characteristics of 
the user. 

In accordance with an eighth aspect of the present invention, in 
the first aspect, a retina pattern of the user is scanned by the physical 
characteristics scanning/sending means as the physical characteristics of 
the user. 

In accordance with a ninth aspect of the present invention, in the 
first aspect, a voiceprint of the user is scanned by the physical 
characteristics scanning/sending means as the physical characteristics of 
the user. 

In accordance with a tenth aspect of the present invention, there 
is provided a personal identification method for an information processing 
system including two or more local computers and a remote computer 
having common resources which can be accessed by each of the local 
computers. The personal identification method comprises a physical 
characteristics scanning/sending step, a personal verification step and a 
password sending step. In the physical characteristics scanning/sending 
step, a physical characteristics scanning/sending means of a local 
computer scans physical characteristics of a user when the user made a 
request to the local computer for the use of the common resources of the 
remote computer, generates characteristics data based on the scanned 
physical characteristics of the user, and sends the characteristics data to 
a personal verification system. The personal verification system, which 
is provided to the information processing system as common equipment 
for the local computers, includes a database means for storing passwords 
of each authorized user and physical characteristics data corresponding 
to each password. In the personal verification step, the personal 
verification system which received the characteristics data from the 
physical characteristics scanning/sending means of the local computer 
searches the database means for a password using the received 
characteristics data as a key and sends the searched password to the local 
computer. In the password sending step, the local computer which 
received the password from the personal verification system sends the 
received password to the remote computer for user identification. 

In accordance with an eleventh aspect of the present invention, 
in the tenth aspect, the personal identification method further comprises 
a user personal identification step. In the user personal identification 
step, the remote computer executes personal identification of the user by 
use of the password which is sent from the local computer. 

In accordance with a twelfth aspect of the present invention, in 
the tenth aspect, the local computers, the remote computer and the 
personal verification system are connected together by a communication 
network. 

In accordance with a thirteenth aspect of the present invention, 
in the tenth aspect, the communication network is an Ethernet LAN. 

In accordance with a fourteenth aspect of the present invention, 
in the tenth aspect, the communication network is a wireless LAN. 

In accordance with a fifteenth aspect of the present invention, in 
the tenth aspect, a fingerprint of the user is scanned in the physical 
characteristics scanning/sending step as the physical characteristics of 
the user. 

In accordance with a sixteenth aspect of the present invention, in 
the tenth aspect, an iris pattern of the user is scanned in the physical 
characteristics scanning/sending step as the physical characteristics of 
the user. 

In accordance with a seventeenth aspect of the present 
invention, in the tenth aspect, a retina pattern of the user is scanned in 
the physical characteristics scanning/sending step as the physical 
characteristics of the user. 



In accordance with an eighteenth aspect of the present invention, 
in the tenth aspect, a voiceprint of the user is scanned in the physical 
characteristics scanning/sending step as the physical characteristics of 
the user. 

BRIEF DESCRIPTION OF THE DRAWINGS 
The objects and features of the present invention will become 
more apparent from the consideration of the following detailed 
description taken in conjunction with the accompanying drawings, in 
which: 

Fig.1 is a schematic block diagram showing a personal 
identification system in accordance with an embodiment of the present 
invention; and 

Fig. 2 is a flow chart showing an example of the operation of the 
personal identification system of Fig.1. 



DESCRIPTION OF THE PREFERRED EMBODIMENTS 
Referring now to the drawings, a description will be given in 
detail of preferred embodiments in accordance with the present invention. 

Fig.1 is a schematic block diagram showing a personal 
identification system in accordance with an embodiment of the present 
invention. In the personal identification system of Fig.1, a remote 
computer system 1, two or more local computer systems 2 and 3 and a 
personal verification system 4 are connected together by a communication 
network 5. The type of the communication network 5 is not particularly 
limited. The communication network 5 can be an Ethernet LAN, a 
wireless LAN, etc. Incidentally, while only two local computer systems 
(2, 3) are shown in Fig.1 for the sake of simplicity, the number of the local 
computer systems is not limited. 

The local computer systems 2 and 3 are capable of making access 
to common resources 11 of the remote computer system 1. The remote 
computer system 1 includes a remote computer 12 as the main part of the 
remote computer system 1, the common resources 11 and a user 
identification program 13. The user identification program 13 is 
executed by the remote computer 12. The common resources 11 include 
data which are stored in the remote computer 12, hardware (printer, 
scanner, etc.) which is connected to the remote computer 12, etc. The 
personal verification system 4 is provided to the personal identification 
system of Fig. 1 as common equipment for all the local computer systems 2 
and 3 in order to implement the personal identification on access. The 
personal verification system 4 is generally implemented by a server. 

Each local computer system (2, 3) includes a local computer (21, 
31) as the main part of the local computer system (2, 3), a scanning 
section (22, 32) for scanning physical characteristics (a fingerprint etc.) of 
the user and generating characteristics data (24, 34), and a logon 
program (23, 33) which is executed by the local computer (21, 31). The 
logon program (23, 33) sends the characteristics data (24, 34) to the 
personal verification system 4, receives a password from the personal 
verification system 4 as the reply to the characteristics data (24, 34), and 
sends the password to the remote computer system 1. 

The personal verification system 4 includes a personal verification 
computer 41 as the main part of the personal verification system 4, a 
database section 43 for storing passwords 45 of each authorized user and 
physical characteristics data 44 corresponding to each password 45, and a 
personal verification program 42 which is executed by the personal 
verification computer 41. The personal verification program 42 receives 
the characteristics data (24, 34) from the local computer system (2, 3), 
searches the database section 43 for a password 45 using the 
characteristics data (24, 34) as a key, and sends the searched password 45 
to the local computer system (2, 3) as the reply. 

In the following, the operation of the personal identification 
system of Fig.1 will be described in detail. Fig.2 is a flow chart showing 
an example of the operation of the personal identification system of Fig.1. 
The following explanation will be given taking a case where a user of the 
local computer system 2 makes use of the common resources 11 as an 
example. First, the logon program 23 which is executed by the local 
computer 21 receives a request of the user for using the common 
resources 11 ("Yes" in step S1). Unlike the conventional 
personal identification systems, the logon program 23 does not directly 
obtain the password from the user nor from a password file, but makes 
the scanning section 22 (scanner etc.) scan the physical characteristics (a 
fingerprint etc.) of the user (step S2) and generate characteristics data 24. 
The logon program 23 sends the characteristics data 24 generated by the 
scanning section 22 to the personal verification system 4 (step S3). 

The personal verification program 42 of the personal verification 
system 4, which received the characteristics data 24 from the logon 
program 23 of the local computer system 2, searches the database section 
43 for a password 45 using the characteristics data 24 as a key. 
Concretely, the personal verification program 42 verifies the 
characteristics data 24 against the registered characteristics data 44 
which have been registered and stored in the database section 43, and if 
the characteristics data 24 matched one of the registered characteristics 
data 44, the personal verification program 42 reads out a password 45 
corresponding to the matched registered characteristics data 44 from the 
database section 43 (step S4). The personal verification program 42 
sends the password 45 to the local computer system 2 (logon program 23) 
(step S5). 

The logon program 23 of the local computer system 2, which 
received the password 45 from the personal verification program 42 of the 
personal verification system 4, sends the password 45 to the remote 
computer system 1 (user identification program 13) (step S6). The user 
identification program 13 of the remote computer system 1 executes user 
identification of the user by use of the password 45 (step S7). 
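
The exchange of steps S1 to S7 described above, as an added Python example that is not part of the original specification. The class and function names, the 16-bit integers standing in for characteristics data, the Hamming-distance threshold used for matching and the remote account table are all assumptions; the specification does not say how the verification against the registered data is performed.

```python
import hmac

MATCH_THRESHOLD = 2  # assumed: max differing bits between a scan and registered data


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two characteristics values differ."""
    return bin(a ^ b).count("1")


class PersonalVerificationSystem:
    """Personal verification system 4 with its database section 43."""

    def __init__(self):
        self._rows = []  # (registered characteristics data 44, password 45)

    def register(self, characteristics: int, password: str) -> None:
        self._rows.append((characteristics, password))

    def find_password(self, characteristics: int):
        """Step S4: search the database using the received data as the key."""
        if not self._rows:
            return None
        registered, password = min(
            self._rows, key=lambda row: hamming(row[0], characteristics))
        if hamming(registered, characteristics) <= MATCH_THRESHOLD:
            return password
        return None  # no registered data is close enough


class RemoteComputer:
    """Remote computer system 1 running user identification program 13."""

    def __init__(self, accounts: dict):
        self._accounts = accounts  # assumed table: user name -> password

    def identify(self, password: str):
        """Step S7: the remote side receives only the password, never the scan."""
        found = None
        for user, stored in self._accounts.items():
            if hmac.compare_digest(stored.encode(), password.encode()):
                found = user
        return found


def logon(scan: int, pvs: PersonalVerificationSystem, remote: RemoteComputer):
    """Logon program 23: send the scan (S3), take the reply (S5), forward it (S6)."""
    password = pvs.find_password(scan)
    if password is None:
        return None  # nothing is sent to the remote computer
    return remote.identify(password)


def demo():
    # Constructed sample data; real characteristics data would come from scanning section 22.
    pvs = PersonalVerificationSystem()
    pvs.register(0b1011001110001111, "pw-alice-constructed")
    pvs.register(0b0100110001110000, "pw-bob-constructed")
    remote = RemoteComputer({"alice": "pw-alice-constructed",
                             "bob": "pw-bob-constructed"})
    noisy_alice = 0b1011001110001101  # one bit differs from the registered data
    unregistered = 0b1111000011110000
    return logon(noisy_alice, pvs, remote), logon(unregistered, pvs, remote)
```
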

While the above explanation has been given on the assumption 
that the local computer system 2 is used by the user for the access to the 
common resources 11, the user identification is executed similarly if 
another local computer system 3 is used by the user. In addition, while a 
fingerprint of the user is generally employed as the physical 
characteristics for the personal identification of the user, other physical 
characteristics such as a voiceprint, an iris pattern, a retina pattern, etc. 
of the user can also be employed as long as the personal identification can 
be attained. 

As set forth hereinabove, in the personal identification system 
and a personal identification method in accordance with the present 
invention, the personal verification system 4 is installed as common 
equipment for the local computer systems (2, 3, ...) and passwords of the 
authorized users are managed solely by the personal verification system 
4. The user is only required to input his/her physical characteristics 
such as a fingerprint at the local computer system. Therefore, the user 
is allowed to make access to the common resources 11 of the remote 
computer system 1 easily and freely without the need of memorizing and 
inputting a complicated password. By the user identification by use of 
the physical characteristics, the "password forgetting problem" is 
eliminated. 

Further, illegal use of the common resources 11 by an 
unauthorized third party can be avoided even if the third party could 
obtain the password of an authorized user, since the physical 
characteristics of the authorized user cannot be inputted by the third 
party. A local computer system can be shared and used by two or more 
users safely, without the danger of leaks and illegal use of passwords. 
The simultaneous use of two or more local computer systems by a user 
can be realized easily and freely, without the need of issuing two or more 
user cards etc. to each user at considerable cost and effort. 

The personal identification system and a personal identification 
method in accordance with the present invention can be implemented 
only by installing the personal verification system 4 and modifying the 
local computer systems (2, 3, ...) a little. There is no need of modifying 
the remote computer system 1. 

While the present invention has been described with reference to 
the particular illustrative embodiments, it is not to be restricted by those 
embodiments but only by the appended claims. It is to be appreciated 
that those skilled in the art can change or modify the embodiments 
without departing from the scope and spirit of the present invention. 



